Rails 4不加密cookie内容 [英] Rails 4 not encrypting cookie contents
问题描述
您好,我试图加密和保护我的cookies中包含的数据,但似乎只有数据编码(base64)
这是一个例子:
cookies.signed [:example] = {:value => '你能看到吗?',:httponly => true,:expire_after => 30.minutes,:secure => true}
这是cookie的内容:
BAhJIhZjYW4geW91IHNlZSB0aGlzPwY6BkVG - b4a8bbd7cd35e392ccd788df0008fd10b48442b2
解码字符串(base64)我得到:
I你能看到这个吗?:EFom {q {vq {_M& to8f
我想知道我缺少什么,目前这是我在
session_store.rb:
Service :: Application.config.session_store: cookie_store,key:'_service_session'
在我的secret_token.rb中我设置了这样: / p>
Service :: Application.config.secret_key_base ='e892d55cbc205bb6 ..'
pre>
解决方案您的cookis不加密,因为您使用
签名的
方法,
要加密cookie,请使用
encrypted
方法:cookies.encrypted [:discount] = 45
#=> Set-Cookie:discount = ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D - ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path = /
cookie.encrypted [:discount]#=> 45
Hello I'm trying to encrypt and secure the data contained in my cookies but It seems like the data only gets encoded (base64)
This is an example:
cookies.signed[:example] = { :value => 'can you see this?', :httponly => true, :expire_after => 30.minutes, :secure => true }
And this is the content of the cookie:
BAhJIhZjYW4geW91IHNlZSB0aGlzPwY6BkVG--b4a8bbd7cd35e392ccd788df0008fd10b48442b2
And if I decode the string (base64) I get:
I"can you see this?:EFom{q{vq{_M<}to8f
I would like to know what I'm missing, currently this is what I have in
session_store.rb:
Service::Application.config.session_store :cookie_store, key: '_service_session'
And in my secret_token.rb I have set something like this:
Service::Application.config.secret_key_base = 'e892d55cbc205bb6..'
解决方案Your cookis is not encrypted, because you used the
signed
method on the cookie jar, which, well, just signes the cookie content.To encrypt the cookie, use the
encrypted
method:cookies.encrypted[:discount] = 45 # => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/ cookies.encrypted[:discount] # => 45
这篇关于Rails 4不加密cookie内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!